Unauthenticated Requests Rate Limit Should Be Enabled

policy name: throttle_unauthenticated_request_not_enabled

severity: MEDIUM

Description

The server allows restricting the limit of unauthenticated requests. It is recommended to turn it on as a security and reliability measure, and to reduce request volume. If an attacker tries accessing the system, this will reduce the risk of brute-force and Denial-of-service to the end users caused by high request rate.

Remediation

1. Press Settings -> Network
2. Expand “User and IP rate limit” section
3. Toggle “Enable unauthenticated API request rate limit” and “Enable unauthenticated web request rate limit”
4. Press “Save Changes”